<?php
if(isset($_SESSION[sess_login])){
	if(($_SESSION[sess_login]['permission']==3) && isset($_GET['id'])){
		$command = "SELECT `fullname`, `address`, `email`, `phonenumber`, `birthday`, `avatar` FROM `user_info` WHERE `id` = '".$_GET['id']."'";
		$id = $_GET['id'];
		$flag = true;
		$is_admin = true;
	}
	else if(isset($_GET['id'])){
		echo 'You are not permission to change information of user';
		$flag = false;
	}
	else {
		$command = "SELECT `fullname`, `address`, `email`, `phonenumber`, `birthday`, `avatar` FROM `user_info` WHERE `id` = '".$_SESSION[sess_login]['id']."'";
		$id = $_SESSION[sess_login]['id'];
		$flag = true;
		$is_admin = false;
	}
	
	if($flag){
	include("./module/connect.php");
	$result = mysql_query($command, $conn);
	if(mysql_num_rows($result)==1){
		while ($row = mysql_fetch_row($result)){
			$fullname = $row[0];
			$address = $row[1];
			$email = $row[2];
			$phonenumber = $row[3];
			$birthday = $row[4];
			$avatar = $row[5];
		}
	mysql_free_result($result);
	}
?>
<table border="0" cellspacing="0" cellpadding="5" class="table_td28">
  <tr>
    <td width="470" valign="top">
<form name="changeinfo_user" id="changeinfo_user" onsubmit="return false;">
   <fieldset>
 <legend> User Info </legend> 
  
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="120" rowspan="6" align="center" valign="top">
    <img height="130" width="100" />      <input type="button" name="button" id="button" value=" Change image "> </td>
    <td width="150" align="right" valign="middle">Full Name: </td>
    <td width="200" align="left" valign="middle"><input type="text" name="ufullname" id="ufullname" value="<?=$fullname ?>"></td>
  </tr>
  <tr>
    <td align="right" valign="middle">Email: </td>
    <td align="left" valign="middle"><input type="text" name="uemail" id="uemail" value="<?=$email ?>"></td>
    </tr>
  <tr>
    <td align="right" valign="middle">Birthday: </td>
    <td align="left" valign="middle"><input type="text" name="ubirthday" id="ubirthday" value="<?=$birthday ?>"></td>
    </tr>
  <tr>
    <td align="right" valign="middle">Address: </td>
    <td align="left" valign="middle"><input type="text" name="uaddress" id="uaddress" value="<?=$address ?>"></td>
    </tr>
  <tr>
    <td align="right" valign="middle">Phone Number: </td>
    <td align="left" valign="middle"><input type="text" name="uphonenumber" id="uphonenumber" value="<?=$phonenumber ?>"></td>
    </tr>
  <tr>
    <td align="right" valign="middle">&nbsp;</td>
    <td align="left" valign="middle">
    	<input type="hidden" name="uid" id="uid" value="<?=$id ?>">
      <input type="submit" name="submit1" id="submit1" value=" Save Change ">
      <input type="reset" name="reset" id="reset" value="Reset">
    </td>
    </tr>
</table>
</fieldset>
</form>
    </td>
    <?php
	if($is_admin){
		$command1 = "SELECT `username`,`permission`,`status` FROM `user_account` WHERE `id` = '".$id."'";
		$result1 = mysql_query($command1, $conn);
		if(mysql_num_rows($result1)==1){
			while ($row1 = mysql_fetch_row($result1)){
				$username = $row1[0];
				$permission = $row1[1];
				$status = $row1[2];
			}
		mysql_free_result($result1);
		}

	?>
        <td valign="top" width="350" >
<form id="resetpass_user" name="resetpass_user"  autocomplete="off" onsubmit="return false;">
 <fieldset>
 <legend> Reset password for user</legend> 
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="160" align="right" valign="middle">User name: </td>
    <td width="190" align="left" valign="middle"><span class="username_red"><?=$username ?></span></td>
  </tr>
  <tr>
    <td align="right" valign="middle">New password: </td>
    <td align="left" valign="middle"><input type="password" name="unewpass" id="unewpass"></td>
  </tr>
  <tr>
    <td align="right" valign="middle">Retype: </td>
    <td align="left" valign="middle"><input type="password" name="uretype" id="uretype"></td>
  </tr>
  <tr>
    <td align="right" valign="middle">&nbsp;</td>
    <td align="left" valign="middle">
      <span class="note">(An email will sent to user)</span></td>
  </tr>
  <tr>
    <td align="right" valign="middle">&nbsp;</td>
    <td align="left" valign="middle">
      <input type="hidden" name="uid" id="uid" value="<?=$id ?>">
      <input type="submit" name="submit3" id="submit3" value=" Save Password ">
      <input type="reset" name="reset" id="reset" value="Reset">
    </td>
  </tr>
</table>
</fieldset>
</form>
<form id="changepermission_user" name="changepermission_user" onsubmit="return false;">
 <fieldset>
 <legend> Change permission of user </legend> 
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td align="right" valign="middle" width="80">Permission:</td>
    <td align="left" valign="middle">
    <?php
	$select1 = $select2 = $select3 = '';
	if($permission==1){$select1 = ' selected="selected"';}
	else if ($permission==2){$select2 = ' selected="selected"';}
	else if ($permission==3){$select3 = ' selected="selected"';}
	?>
	<select name="upermission" id="upermission">
      <option value="1"<?=$select1 ?>>Normal user   </option>
      <option value="2"<?=$select2 ?>>Moderator   </option>
      <option value="3"<?=$select3 ?>>Admin   </option>
    </select>    </td>
  </tr>
  <tr>
    <td align="right" valign="middle">Status:</td>
    <td align="left" valign="middle">
    <?php
	$status0 = $status1 = $status2 = '';
	if($status==0){$status0 = ' checked="checked"';}
	else if ($status==1){$status1 = ' checked="checked"';}
	else if ($status==2){$status2 = ' checked="checked"';}
	?>
	 <label><input type="radio" name="ustatus" value="1" id="ustatus_1" <?=$status1 ?>/>Active</label>
	  &nbsp;<label><input type="radio" name="ustatus" value="2" id="ustatus_2" <?=$status2 ?>/>Waiting</label>
	  &nbsp;<label><input type="radio" name="ustatus" value="0" id="ustatus_0" <?=$status0 ?>/>Block</label>
	  </td>
  </tr>
  <tr>
    <td align="right" valign="middle" height="40">&nbsp;</td>
    <td align="left" valign="middle">
      <input type="hidden" name="uid" id="uid" value="<?=$id ?>">
      <input type="submit" name="submit4" id="submit4" value=" Save Change ">
    </td>
  </tr>
</table>
</fieldset>
</form>
</td>

	<?php	
	}
	else{
	?>
    <td valign="top" width="350" >
<form id="changepass_user" name="changepass_user"  autocomplete="off" onsubmit="return false;">
 <fieldset>
 <legend> Change password </legend> 
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="160" align="right" valign="middle">User name: </td>
    <td width="190" align="left" valign="middle"><span class="username_red"><?=$_SESSION[sess_login]['username'] ?></span></td>
  </tr>
  <tr>
    <td align="right" valign="middle">Current password: </td>
    <td align="left" valign="middle"><input type="password" name="ucurpass" id="ucurpass"></td>
  </tr>
  <tr>
    <td align="right" valign="middle">New password: </td>
    <td align="left" valign="middle"><input type="password" name="unewpass" id="unewpass"></td>
  </tr>
  <tr>
    <td align="right" valign="middle">Retype: </td>
    <td align="left" valign="middle"><input type="password" name="uretype" id="uretype"></td>
  </tr>
  <tr>
    <td align="right" valign="middle">&nbsp;</td>
    <td align="left" valign="middle">
      <span class="note">(An email will sent to you)</span></td>
  </tr>
  <tr>
    <td align="right" valign="middle">&nbsp;</td>
    <td align="left" valign="middle">
      <input type="hidden" name="uid" id="uid" value="<?=$id ?>">
      <input type="submit" name="submit2" id="submit2" value=" Save Password ">
      <input type="reset" name="reset" id="reset" value="Reset">
    </td>
  </tr>
</table>
</fieldset>
</form>
</td>
    <?php
	}
	?>
    
  </tr>
</table>

<?php
	mysql_close($conn);
	}
}
else {
	echo '<center><br /><br />Please Login</center>';
}
?>